security fix - brian krebs on computer and internet security - (washingtonpost.com)
security fix - brian krebs on computer and internet security - (washingtonpost.com)
security fix
subscribe to the post
recent posts
storm worm victims get stock spam pop-up
microsoft plugs critical windows security hole
apple patches iphone security hole
security pro admits to hijacking pcs for profit
patch tuesday preview, and a windows warning
stories by category
fraud
from the bunker
latest warnings
misc.
new patches
piracy
safety tips
u.s. government
stories by date
full story archive
related links
the archives
security fix live: web chats
about this blog
password primer
7 security tips
technology section
syndicate
rss feed
brian krebs on computer security
about this blog
|
archives
|
rss feed
(what's rss?)
posted at 05:11 pm et, 11/13/2007
storm worm victims get stock spam pop-up
if you're a windows users and today received a surprise pop-up advertisement urging you to invest in an obscure penny stock, it is highly likely that your computer is infected with the virulent storm worm, a nasty intruder that currently resides on an estimated 200,000 pcs worldwide.
criminal groups that control the pool of storm-infected computers have traditionally used those systems to pump out junk e-mail ads touting thinly traded penny stocks as part of an elaborate and ongoing series of "pump-and-dump" schemes. but today, according to security researchers, the storm worm authors went a step further by causing a pop-up ad for a particular penny stock to be shown on all infected machines.
atlanta-based secureworks tracked the latest storm activity, which began earlier this morning. the pop-up, shown in the image to the right, touts a microcap stock for hemisphere gold inc. [hpgi.pk] as a "strong buy." joe stewart, a senior security researcher at secureworks who has closely tracked storm since its inception in january, said this is the same stock that storm-infected machines advertised in a traditional spam run that began monday evening.
for those readers who received this pop-up, the news only gets worse: detecting and removing a storm infestation can be exceedingly difficult, as it is programed to regularly mutate its digital make-up. part of storm's sneakiness stems from the fact that it ships with what's known as a "rootkit," a set of computer instructions designed to hide the malicious files and system processes that carry out most of the worm's activities. it does this essentially by inserting those components into legitimate windows processes and drivers -- such as "tcpip.sys," the driver that handles core internet networking functions on windows systems.
"by injecting itself into regular windows processes and hijacking windows drivers, storm doesn't give you much to grab onto there," stewart said. "most people are going to have to depend on their anti-virus vendor to eventually get updated to detect whichever storm variant is on their machine, or pay an expert to find it on their machine and remove it."
image courtesy qwoter.com.
predictably, anyone who was foolish enough to snap up shares of the storm-touted stock -- hpgi.pk -- lost money in trading. the company's share price fell 15 cents today, from $1.15 per share to $1.00. a noticeable and uncharacteristic uptick in trading volume on this stock is evident over the past week, possibly indicating that groups allied with the storm worm authors were taking a position in advance of this spam campaign.
i put a call into hemisphere gold and am awaiting a response. i'll update this post if the company issues a comment or responds to my query.
posted by brian krebs | permalink
| comments (0)
share this: technorati
| tag in del.icio.us | digg this
posted at 02:01 pm et, 11/13/2007
microsoft plugs critical windows security hole
microsoft today issued two software updates to remedy security vulnerabilities in its windows operating systems, including one that criminal groups have been targeting lately to break into and steal data from vulnerable machines.
one of the patches fixes a critical flaw found in windows xp and windows server 2003 systems that also have internet explorer 7 installed. this vulnerability is not present in windows vista. for more than a month now, cyber criminals have been blasting out spam e-mails containing malicious links or adobe pdf documents that try to install spyware programs when users click the links or open the files.
the pdf attacks first surfaced about a month ago, after adobe issued a patch to prevent pdfs from being used to exploit the windows flaw. experts said virus writing groups quickly disassembled that patch to pinpoint the weakness, which is caused by the way certain windows installations validate things like malformed web links.
the second problem microsoft addressed today affects windows server 2003 and windows 2000 server systems, versions of windows not typically used by the average home user.
windows users can download the patches from the microsoft update web site or via automatic updates.
posted by brian krebs | permalink
| comments (3)
share this: technorati
| tag in del.icio.us | digg this
posted at 08:54 am et, 11/13/2007
apple patches iphone security hole
apple iphone users should soon be prompted to install a software update that plugs a much-publicized security hole in the devices.
the critical vulnerability patched by apple was the very same used by iphone developers to power "jailbreak," software that allows iphone users to install third-party (non-apple made) applications. according to computerworld, this latest update makes it difficult (but not impossible) for users of brand-new iphones to install jailbreak.
the update is available only through itunes and won't appear in the bundled software update application or at the apple downloads site. apple advises iphone users to make sure they have the latest version of itunes (7.5) installed before applying the update.
posted by brian krebs | permalink
| comments (0)
share this: technorati
| tag in del.icio.us | digg this
posted at 06:03 pm et, 11/10/2007
security pro admits to hijacking pcs for profit
a los angeles security professional has admitted to infecting more than a quarter million computers with malicious software and installing spyware that was used to steal personal data and serve victims with online advertisements.
john kenneth schiefer, 26, variously known online as "acid" and "acidstorm," agreed to plead guilty to at least four felony charges of fraud and wiretapping, charges punishable by $1.75 million in fines and nearly 60 years in prison.
investigators say schiefer and two minors -- identified in the complaint only by their online screen names "pr1me" and "dynamic" -- broke into about 250,000 pcs. on at least 137,000 of those infected systems, schiefer and his cohorts installed programs that allowed them to control the machines remotely. the malicious "bot" programs also allowed the attackers to steal any user names and passwords that victims had saved in internet explorer.
schiefer is thought to be the first in the united states to be accused of violating federal wiretapping laws by operating a "botnet" -- the term for a large grouping of hacked, remotely controlled computers -- according to mark krause, an assistant u.s. attorney in los angeles.
in an exclusive interview with security fix, schiefer said he's been experimenting with computers and writing software in one form or another since 1991, when he first discovered internet relay chat(irc), a vast sea of text-based communications networks that predates instant-messaging software. there are tens of thousands of irc channels all over the world catering to almost every imaginable audience or interest, including quite a few frequented exclusively by hackers, virus writers and loose-knit criminal groups. irc channels have traditionally been among the most popular means of controlling botnets.
for the past several years, schiefer has acted as an administrator for "#bottalk" and "#rizon," two of the more active hacker chat rooms on irc, where the discussion ranges from pop culture to methods for improving the latest bot programs and identifying which web sites most recently got hacked.
schiefer said he and his friends spread the bot programs mainly over aol instant messenger (aim). by using malicious "spreader" programs such as niteaim and aim exploiter, schiefer and his co-conspirators spammed out messages inviting recipients to click on a link. anyone who took the bait had a "trojan horse" program downloaded to their machine, an invader that then tried to fetch the malicious bot program.
schiefer admits he and friends used several hjacked paypal accounts to purchase web hosting that helped facilitate the spreading of their bot programs.
schiefer's employer -- los angeles-based internet telephony provider 3g communications -- let him go in march 2006 after he filed a series of disability claims. his job at the time was to help secure communications networks for businesses.
schiefer claims that he stopped all of the malicious activity in early january 2006.
"ever since then, i've been more trying to create a positive thing and trying to prevent crap like this happening," he said. "i kind of saw the error of my ways and decided i'd had enough."
later that month, federal agents raided his home, seizing computer equipment and other evidence.
schiefer also said he had installed adware on machines he and his friends controlled, making a 20 cent commission each time they installed a piece of software from topconverting, a now defunct adware company formerly owned by simpel internet, a marketing company based in the netherlands.
schiefer acknowledged that in mid-2005, he made more than $19,000 in commissions from topconverting by installing to hijacked computers. the government claims he made the money installing adware over a period of a month in june 2005. schiefer said he earned that sum in less than one week's time.
schiefer admitted that he spent most of that week's earnings the following month entertaining himself and friends at defcon, a massive hacker and security research conference held annually in las vegas.
interestingly, i featured topconverting in a february 2006 story i wrote for the washington post magazine, which chronicled the exploits of "0x80," a hacker who -- like schiefer -- made thousands of dollars a month installing adware on machines he had seeded with bot programs.
from that story: "majy says topconverting, which did not respond to requests for comment for this article, paid him an average of $2,400 every two weeks for installing its programs. he got 20 cents per install for computers in the united states and five cents per install for pcs in 16 other countries, including france, germany and the united kingdom. a nickel per install doesn't sound like much, unless you control a botnet of tens of thousands of computers."
according to an fbi informant who asked not to be named, schiefer was a member of defonic, a hacker group that included the individuals identified in the paragraph above as zach "majy" mann, as well as "0x80". another member of defonic --- cameron "cam0" lacroix -- earned his reputation after breaking into paris hilton's cell phone account and later leading the group in breaching data giant lexisnexis, a stunt in which cam0 and several others pulled sensitive records on more than 310,000 people, including a number of hollywood celebrities.
most former members of the defonic crew are now either in jail or have only recently been released from prison.
schiefer said he regrets his actions, and hopes that the cooperation he has shown with law enforcement in the case so far will lighten his sentence.
"i don't think anyone should feel sorry for me," schiefer said. "what i was doing was wrong [and] stupid, and i got caught."
posted by brian krebs | permalink
| comments (135)
share this: technorati
| tag in del.icio.us | digg this
posted at 10:02 am et, 11/ 9/2007
patch tuesday preview, and a windows warning
microsoft plans to release just two security updates next week to fix problems with windows and other software. meanwhile, the company says it has received reports from windows xp and windows 2003 users that criminals are targeting an unpatched flaw in those operating systems.
microsoft said it is aware of "limited attacks" targeting a vulnerability in a windows component that handles macrovision copy protection technology. macrovision has separately released a patch to plug the security hole, and microsoft says that it is working with the company to push out an update to fix the problem through its regular monthly patch process.
it's not clear which security holes microsoft will plug next tuesday, but if i had to guess i'd wager the company will fix this uri-handling vulnerability that crooks have been exploiting lately to break into windows machines. last week, attackers blasted out a run of junk e-mails containing maliciously crafted pdf files that -- when opened -- fetched and installed password-stealing programs on victims' machines.
if you're reading this between 11 a.m and 12:00 p.m. et today and have a security-related question or conundrum, drop it in the queue at security fix live.
posted by brian krebs | permalink
| comments (4)
share this: technorati
| tag in del.icio.us | digg this
posted at 12:31 pm et, 11/ 7/2007
russian business network: down, but not out
a major russian internet service provider whose client list amounted to a laundry list of organized cyber crime operations appears to have closed shop. but security experts caution that there are signs that the highly profitable network may already be building a new home for itself elsewhere on the web.
the russian business network, an isp and web hosting provider long based in st. petersburg, russia, this week relinquished most of its allocated internet addresses after a number of its main upstream internet providers severed ties with the group.
the disappearance of rbn comes less than a month after i wrote a series of stories detailing the organization and history of the shadowy isp. that series examined rbn's infamy as a world hub for web sites devoted to child pornography, spamming and identity theft, a so-called "bulletproof hosting" provider to some of the most sophisticated cyber criminal networks in operation today.
within 24 hours of that oct. 13 story, rbn's biggest upstream provider -- tiscali.uk -- began refusing to route internet traffic for rbn, according to several security experts. days later, the second of rbn's three main upstream providers -- c4l -- dropped the russian isp as a customer.
then, on nov. 4, nearly all of the most troublesome web sites on rbn's network went dark. the following day, rbn relinquished control over internet space that hosted thousands of domains connected to countless fraud schemes over the years.
while rbn may appear to have been vanquished, experts at anti-spam group spamhaus say there are strong indications that a huge swath of internet space recently established in china may soon emerge as the next incarnation of the russian business network. if spamhaus's assumptions are correct, rbn's new home would include several times more additional web hosting capacity than its previous location in russia.
not everyone is willing as yet to attribute the chinese address registrations to rbn. matthew richard, director of the rapid response team for idefense, a security company owned by verisign, said it's too soon to draw that connection definitively. but according to richard, rbn's customers began preparations for moving to other providers shortly after the post published my rbn story.
about a week ago, adobe released a security update to fix a dangerous security hole in its software that allowed criminals to foist malicious software on people who clicked on links in spam e-mails blasted out to millions. richard said while much of the malware in that attack was downloaded from web sites hosted at rbn, the criminals behind that attack established backup download sites at two other other bulletproof hosting providers.
"in that attack, it was clear that rbn's customers were already hedging their bets," he said. "not only did rbn know that the writing was on the wall, but so did their customers."
the apparent flight of rbn came on the eve of a lengthy cybercrime speech by fbi director robert mueller. speaking at penn state on tuesday, mueller addressed the internationalization of cyber crime and its threat to the political and economic stability of the united states.
"increasingly, cyber threats originate outside of our borders. and as more people around the world gain access to computer technology, new dangers will surface," mueller said. "the internet has opened up thousands of new roads for each of us--new ideas and information, new sights and sounds, new people and places. but the invaders--those whose intent is not enlightenment, but exploitation and extremism--are marching right down those same roads to attack us in multiple ways."
posted by brian krebs | permalink
| comments (11)
share this: technorati
| tag in del.icio.us | digg this
posted at 11:34 am et, 11/ 6/2007
salesforce.com acknowledges data loss
business software provider salesforce.com acknowledged that a recent spate of targeted e-mail virus and phishing attacks against its customers resulted from one of its own employees falling for a phishing scam and turning over the keys to the company's customer database.
on oct. 19, security fix reported that payroll giant automatic data processing (adp) and several banks -- including suntrust -- were among a number of institutions that were victimized by a series of highly-targeted phishing scams that addresses recipients by name and asked them to click on a link - which tried to download password-stealing malicious software. a suntrust executive alleged that the scammers obtained their list of suntrust customers via a data compromise at salesforce.com.
a salesforce.com executive would not answer direct questions about the incident at the time. salesforce.com data also was implicated in a pair of targeted malware attacks that appeared to have been sent from the federal trade commission, an attack that installed password-stealing software on pcs of more than 500 victims.
now, in an e-mail sent monday to nearly a million customers, salesforce.com is finally owning up to a data loss.
"we learned that a salesforce.com employee had been the victim of a phishing scam that allowed a salesforce.com customer contact list to be copied," the company wrote. "information in the contact list included first and last names, company names, email addresses, telephone numbers of salesforce.com customers, and related administrative data belonging to salesforce.com.
as a result of this, a small number of our customers began receiving bogus emails that looked like salesforce.com invoices, but were not--they were also phishes. unfortunately, a very small number of our customers who were contacted had end users that revealed their passwords to the phisher."
however, a few days ago a new wave of phishing attempts that included attached malware--software that secretly installs viruses or key loggers--appeared and seemed to be targeted at a broader group of customers."
update, 1:05 p.m. et:included a link to the letter sent by salesforce.com to its customers.
posted by brian krebs | permalink
| comments (20)
share this: technorati
| tag in del.icio.us | digg this
posted at 05:40 pm et, 11/ 5/2007
new quicktime version plugs 7 security holes
apple on monday released another iteration of its quicktime media player that fixes at least seven security vulnerabilities in previous versions of the software. the flaws are present in earlier versions of quicktime for mac, windows xp and windows vista.
six out of seven of the security holes fixed by the new quicktime version -- 7.3 -- are the kind that attackers or nasty web sites could use to install unwanted software just by convincing a quicktime user to view a specially crafted image or movie file.
mac users can grab the latest quicktime updates through the built-in software update feature. windows users should be able to fetch the patched version via the apple software update program that comes bundled with itunes and quicktime. for windows users who don't have itunes installed and don't want it, this link should work for a quicktime standalone installer.
posted by brian krebs | permalink
| comments (23)
share this: technorati
| tag in del.icio.us | digg this
posted at 06:00 am et, 11/ 5/2007
deconstructing the fake ftc e-mail virus attack
a targeted e-mail virus disguised as an identity theft inquiry from the federal trade commission appears to have successfully compromised more than 500 pcs, including victims at banks, real estate brokerages, law firms and marketing companies.
each of the victims received the invitation to open the virus-infected attachment via an e-mail that addressed the recipient by name, and in some cases included the name of the recipient's employer. security fix was able to gain access to one of several internet addresses where data stolen from victims' pcs was uploaded by the virus. the link did not require a user name or password. there are several security outfits working to get the site taken down, but the longer it stays live there is the potential that the sensitive information could be obtained by more criminals.
it's not clear how the attacker selected targets, but one thing is increasingly clear: malicious e-mail virus and "phishing" attacks that most of us have become accustomed to deleting are beginning to shift from indiscriminate, blast-as-many-spams-as-you-can assaults to sophisticated attacks that use information gleaned from previous data thefts to target individual e-mail users. the end result is that a far higher percentage of recipients actually open the poisoned attachments, and in some cases even forward the message on to a trusted friend, co-worker, or subordinate.
recipients running microsoft windows who clicked on the attachment in the bogus ftc e-mail were warned by windows that an executable file (a program installer) was about to run, and given the chance to decline the execution. anyone who ignored that warning witnessed yet another social engineering feat. the invading program then produced a pop-up alert complaining that microsoft word had crashed, and that the user could double-click on a provided icon to restart word. it was in double-clicking on that "ok" tab that victims were setting the final stages for allowing a trojan horse program to invade their machines and record every single keystroke that they typed from there on out.
the malicious program doesn't just record every finger tap made by the user. in addition, the malware author has coded his software to let him view his victim's windows desktop in real time. real time, as in the attacker can take screen shots while the victim surfs the web, including when someone logs into a bank account or other sites requiring passwords.
the person who masterminded this attack even took screen shots of his own desktop, presumably to test his malware to make sure it functioned properly (note that his windows desktop is in russian with cyrillic characters). a short snippet of commands he typed on his own computer -- along with his own ip address -- also appeared in the cache of stolen data on the web site where the trojan horse uploads stolen data.
the individual responsible for this virus lives in the ukraine and writes his own malicious software, according to matthew richard, director of the rapid response team for idefense, a security firm owned by verisign.
to illustrate the remote control features of the malware, check out the screenshot below, which the perpetrator took when one of his victims was alerted to the presence of his program by an antivirus program -- score one for antivirus vendor avg. (note the excel file named "credit cards august" on the would-be victim's desktop!).
according to virustotal.com, an online tool that uses the combined power of more than two-dozen antivirus programs to scan for new malware, this piece of malicious software was so selectively spammed that it remains undetected by the majority of the antivirus products on the market today. in fact, as late as nov. 1, a confirmed victim's machine passed a full system software scan from an up-to-date version of symantec's norton antivirus.
idefense's richard said it was remarkable that the avg software detected the this piece of malware, which was hand-made and only sent to a few thousand victims. "the stuff he's writing is very custom, so there's generally zero detection available for this type of malware for weeks at a time," richard said. "antivirus is nearly worthless when it comes to [detecting] custom attacks."
so who were the victims of this attack, which -- despite a fair amount of media attention -- appears to be gaining new victims with each passing hour? most of the two dozen or so that i spoke with fell into one of four camps -- real estate brokers, marketing companies, law firms and pharmaceutical providers. several news media sources were among the victims. in fact, i personally alerted a victim at the washington post.
the sans internet storm center earlier this week posted an alert about the fake ftc e-mail that appeared to tie the attack to a database of sales leads allegedly stolen from salesforce.com. last week, security fix published evidence suggesting that a database compromise at salesforce.com had led to a similar series of targeted malicious e-mail virus attacks against several industry sectors, including numerous bank customers.
a great many of the victims i contacted were confirmed users of salesforce.com's database. still, it's not clear yet how the database breach occurred and salesforce.com may not have been the negligent party. but one aspect of this attack remains very curious: out of nearly 500 people who were victimized by this particular trojan horse program over the past 72 hours, the attacker chose to take screen shots of just a handful of them. among those he decided to snapshot was a person logging into a user account at salesforce.com, which you can see in the image to the left.
if there is a moral to this story, it is this: e-mail has become such an untrustworthy medium that even messages addressing you by name should be treated with the utmost suspicion, particularly those that ask you to open an e-mail attachment or click on an included link. if a message comes from someone you don't know, delete it. if it appears to have been sent from a friend or family member, reply to the message and ask for confirmation that the sender indeed meant for you to view that e-mail attachment.
update, 1:12 p.m. et, nov. 6: care to know just how bad anti-virus detection is for the keystroke logging program used in this attack? check out the results of a scan at virustotal.com viewable here. only 15 out of 31 different anti-virus programs currently detect it as malicious. that's less than a 50 percent detection rate for a piece of malware that was first spammed out more than two weeks ago.
posted by brian krebs | permalink
| comments (28)
share this: technorati
| tag in del.icio.us | digg this
posted at 06:00 pm et, 10/31/2007
anti-virus on a mac?
every other week, i host a security fix live chat with readers, and almost invariably, one of the questions that comes up is: "hi. i'm a mac user. should i be using anti-virus software?" i usually answer that while there are very few recent examples of malicious software in the wild built for mac users, no amount of protective software should be seen as a substitute for using your head when surfing the 'net.
one of the more amusing statements i've heard from at least a couple of mac users who are also windows users is that they only do the stereotypically "risky" online activities -- such as surfing random porn sites -- from their trusty macs.
this is interesting because it looks like some of the same tactics that malware writers have used to install malicious software via porn sites on windows pcs have taken a step into the mac world. for years, scam artists have been using the demand for online porn as a way to trick windows users into installing fake video "codecs," malicious software disguised as a program that supposedly enables the user to view protected video content (probably no one has covered this trend more exhaustively than the corporate blog from anti-spyware firm sunbelt software.)
according to an alert issued monday by intego, a company that sells anti-virus software for the mac, a number of mac user forums are being spammed with links to video porn sites that prompt mac users to install one of these magic codecs. intego says the trade-off is hardly worth it, as mac users who agree to install the software don't get to view any additional racy material, and yet they're left with a nasty little rash on their machine to boot.
intego says the bogus codec silently changes the user's dns settings so that when they visit certain financial sites -- such as ebay, paypal, and those of several banks -- the victim is routed to a counterfeit look-alike site designed to swipe their credentials. in addition, it appears that undoing the damage wrought by this trojan horse program is fairly tough.
so what lessons can we learn from this? whether you use a mac or a pc or a linux box for that matter, it pays to avoid risky behaviors, period. for mac users, the riskiest of those actions includes installing software of dubious origin.
that said, my macbook pro came with the corporate edition of symantec's anti-virus software installed (by our it folks). but i'm wondering how many other mac readers have installed anti-virus software, and if so -- what software you've settled upon?
posted by brian krebs | permalink
| comments (32)
share this: technorati
| tag in del.icio.us | digg this
posted at 04:20 pm et, 10/31/2007
'net governance body punts on whois privacy
the nonprofit organization that manages the internet's domain-name system has voted to punt on a proposed change to the global whois database of web site name registrants. the changes would have given web site owners the ability to shield their identities online and, indirectly, cut spammers off from an easy-to-mine database of legitimate e-mail addresses.
washingtonpost.com on monday ran a story i wrote about proposed changes to the global whois database -- which contains information such the name, phone number, e-mail and physical address of anyone who has registered a web site name ending in ".com" ".net" ".info" ".biz" or basically any other domain name ending in three letters.
privacy advocates had been guardedly hoping that the internet corporation for assigned names and numbers (icann) would approve their proposal to limit the amount of personal information in the whois database.
from that story: "privacy groups say the domain registry has become a data-mining dream for marketers and spammers, who constantly trawl the database for new e-mail addresses. opponents of any change in the system counter that the data is essential in resolving intellectual property disputes, aiding cyber crime investigations, and helping computer security experts quickly shutter fraudulent web sites."
to hardly anyone's surprise, in a vote of 7 yeas to 17 nays, icann decided to propose additional studies on the privacy impact of the whois database.
i'd be curious to know how many readers who have registered web sites have chosen to either provide blatantly false whois data, or who have in view of privacy concerns opted to pay their registrar an added fee to keep their information private.
posted by brian krebs | permalink
| comments (13)
share this: technorati
| tag in del.icio.us | digg this
blog archives
rss feed
subscribe to the post
© 2006-2007 the washington post company
Acceuil
suivante
security fix - brian krebs on computer and internet security - (washingtonpost.com) The Fix -- Chris Cillizza's Politics Blog on washingtonpost.com REVFIX // REVFIX-image. La passion du tirage NB argentique.Jean ... Financial Information eXchange - Wikipedia, the free encyclopedia Fix - Wikipedia, the free encyclopedia Fix Oyun - Online Oyun Merkezi - Bedava Oyun Oynayın.. The FIX Protocol Organization > What is FIX? The FIX Protocol Organization > Home page SmitFraudFix FIX AB Page perso de Jeremy Fix BD FIX - SPECIALISTES FIGURINES - PARA BD en Savoie FiX-Netze.com Fix Videos Editions Mouvement Fix Fix My Registry Neuro-anatomie - Résultats Google Recherche de Livres Fix-Up © www.fix.no Observations sur l'état des classes ouvrières - Résultats Google Recherche de Livres FIX - Wikipédia Utilisateur:Chikamichi/Log/Fix - Wikipédia [adult swim] Adult Swim Fix Revue mensuelle d'économie politique - Résultats Google Recherche de Livres VCOM Fix-It Utilities - PC diagnostics. Computer diagnostics to ... Urheiluhallit etusivu Jeremy Fix Rue Fondaudege TAR FIX 0707 FT.qxd Skirando -- Achat-Ventes - Re: Cherche fix dynafit eBay.be: PLAYSTATION 2 REPAIR GUIDE Fix Broken PS2 INSTANT DOWN ... eBay.be: TUFF " RELIGIOUS FIX " GLAM HAIR METAL CD (objet ... msn fix rapport de fix Klub taneczny FIX / http://www.fix.torun.com.pl Braun 1715 FREE Control /FIX : avis de consommateurs, comparateur ... Fix Auto - Fix Auto, the body shop network Fix Auto Amazon.fr : Bob the Builder - The Knights of Fix-a-Lot: DVD: Neil ...